Senior Practices Director - Technical Security Assessment Leader

About The Position

Requirements

• 10+ Years of experience in a dedicated security role (Security Engineering, AppSec, Incident Response, or Red/Blue Teaming).
• Assessment Tooling: Proficiency with standard security assessment tools such as BurpSuite, Nexpose, Nessus, Metasploit, or Nmap.
• Code Review: Experience performing manual and tool-assisted code reviews in Java, JavaScript, Python, or similar languages.
• Cloud Fluency: Hands-on experience securing and testing public cloud environments (AWS, Azure, GCP) and understanding the Shared Responsibility Model.
• Protocols: Deep knowledge of network security models, encryption standards (PKI, TLS), and identity protocols (SAML, OAuth, Kerberos).
• Exploit Mitigation: Familiarity with OWASP Top 10 vulnerabilities and modern defense techniques.
• Certifications (Candidates should possess one or more of the following): CISSP (Certified Information Systems Security Professional) – Demonstrates senior-level architectural breadth.
• CCSP (Certified Cloud Security Professional) – Critical for understanding SaaS/PaaS security models.
• OSCP (Offensive Security Certified Professional) or GPEN – Demonstrates hands-on "hacker mindset" and technical capability.
• GWAPT (GIAC Web Application Penetration Tester)
• CISM (Certified Information Security Manager)

Nice To Haves

• Prior Big-4 or relevant customer facing consulting experience is a plus.

Responsibilities

• Strategic Advisory Synthesize information from the industry regarding potential attack vectors and proactively advise on related security controls impacting SAAS apps.
• Supply Chain Risk: Advise customers on securing their Salesforce environment across the digital supply chain, identifying risks in third-party integrations, AppExchange packages, and connected middleware.
• Standards Definition: Define technical security standards and "Gold Standard" implementation guides to ensure consistent quality across the practice.
• Architecture, Assessment & Testing Full-Stack Assessments: Lead architecture reviews, code reviews, and penetration tests across diverse environments (Web Apps, SaaS, and Mobile).
• Threat Modeling: Conduct workshops to identify design flaws and develop mitigation techniques that balance strict security requirements with business agility.
• DevSecOps & Engineering Secure SDLC: Collaborate with engineering teams to "shift security left," integrating automated security scanning (SAST/DAST) into CI/CD pipelines.
• Automation: Develop automated tooling (scripts, scanners) to identify vulnerabilities and solve security problems at scale.
• Identity Architecture: Design robust authentication and authorization flows using modern protocols (SAML, OAuth, OIDC) to secure access to the platform.

Benefits

• Salesforce offers a variety of benefits to help you live well including: time off programs, medical, dental, vision, mental health support, paid parental leave, life and disability insurance, 401(k), and an employee stock purchasing program.
• More details about company benefits can be found at the following link: https://www.salesforcebenefits.com.